Yea, but most people don't think about security in terms of black and white, and neither should they. There is no such thing as "real security & privacy" and it's completely disingenuous to suggest that you've found it when it involves trusting you or your company as a third party in placement of, say, Apple.

As a universal statement, this is far too simplistic of a comment about a system's security and trust. Security without a notion of threat model is quite irrelevant. There's quite a large spectrum between trusting Apple with respect to the binary they serve me not being actively malicious and by-and-large does what it says it does; that they are not actively presenting someone else's key to my chat parties, vs. trusting them with my unencrypted data on their servers. At the very least, the latter would not be safe under subpoena, or data leak, or a rouge employee, for instance. Plus, in practice, if they present a malicious binary to everyone or substitute keys, someone likely notices at Apple scale. If I am that interesting of a target for them that they decide to target me specifically, I have bigger worries, as I am trusting the OS and hardware anyway (and still, there's hopefully some level of forward secrecy). In fact, to me, and to vast majority of people, a random exploit in their OS or physical theft of the phone carries a higher risk than Apple directly attacking them.

So, no, I fully reject that iMessage security is substantially equivalent to say, "Facebook Messenger" (even if run by Apple). I posit the delta is almost as much as HTTPS with Let's Encrypt cert compared to plain HTTP. And yes, there are no doubt use-cases that iMessage is ill-suited for; doesn't mean we should just give up on it for the other 99%.